A compliance technical expert, Al is UKGI's Senior Technical Resources Consultant providing 'back-room' technical support which includes everything from assisting Consultant colleagues with challenging or unusual queries, to updating UKGI's compliance manual, to writing and delivering training, workshops and webinars.
The FCA's approach to Financial Crime: Key considerations for firms

In November 2024, the FCA published a Policy Statement introducing changes to its Financial Crime Guide, which came into force on 29th November 2024. It also published Handbook Notice 124, which sets out specific sections in the Guide which were updated.
In this article, UKGI Compliance’s Alastair Haughton sets out the changes to the Guide, what they relate to, and key considerations for firms.
Which FCA rules apply in relation to Financial Crime?
The main Handbook requirements are set out in the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC). One of the FCA’s objectives is embodied in the rule in SYSC 6.1.1, which states that:
“a firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance... with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.”
There are more specific financial crime requirements in SYSC 6.3 relating to money laundering. These apply as 'rules' only to firms subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ('MLR 2017'), which is not applicable to the majority of general insurance intermediaries. However, the 'application of the rules' dictates that SYSC 6.3 applies to general insurance intermediaries as 'should do' rather than 'must do'.
Existing Guidance on Financial Crime
When considering potential exposure to financial crime risks, the FCA’s Financial Crime Guide provides consolidated guidance on the systems and controls firms should use to counter various types of financial crime risks.
The Guide is accompanied by a further ‘guide’ in the Handbook titled Financial Crime Thematic Reviews (FCTR), which summarises sixteen historic thematic reviews of various financial crime risks, each providing examples of good and poor practice.
For smaller firms, FCTR 10 sets out a detailed set of good and poor practice findings from the FSA’s 2010 Small Firms Financial Crime Review.
Whilst historic, these thematic review findings are still largely relevant today; together, the Guide and Thematic Reviews provide useful examples of good and poor practice in relation to governance, structure, risk assessment, policies and procedures, recruitment, vetting, training, awareness, remuneration (pay), and quality of oversight.
The FCA also has a financial crime resources page on its website.
Latest updates to the Guide
The November 2024 updates relate to sanctions, proliferation financing and transaction monitoring, add references to crypto assets and the Consumer Duty, and make consequential changes throughout the Guide (such as data security, updating case studies and examples of good and poor practice).
In relation to the financial sanctions update, the FCA has:
- updated the terminology in the Sanctions chapter for clarity and consistency;
- provided clarification about when firms should notify the FCA of suspected sanctions breaches;
- included specific reference to Senior Management responsibility in the Sanctions chapter (FCG 7): “We expect senior management to take clear responsibility for managing sanctions risks, which should be treated in the same manner as other risks faced by the business. There should be evidence that senior management are actively engaged in the firm’s approach to addressing the risks of non-compliance with UK financial sanctions. Where they identify gaps, they should remediate them.”; and
- added to the firm ‘self-assessment’ questions in FCG 7, in relation to sanctions (e.g., “How are senior management kept up to date with sanctions compliance issues?”).
Customer due diligence and financial sanctions – a reminder
In the Guide, the FCA includes guidance on money laundering in Chapter FCG 3, and on financial sanctions in Chapter FCG 7; both chapters include commentary on customer due diligence.
Customer due diligence – know the risk
An insurance intermediary’s approach to due diligence should be driven by an understanding of how ‘risky’ its customer base is, or individual customers are, from a financial crime perspective (i.e., how big is the risk that the firm will be used as a vehicle to carry out financial crime?).
In a report published on 23rd January this year, following a review of firms’ money laundering defences, the FCA identified areas where firms needed to improve to better protect against money laundering, including:
- an underestimation of the money laundering risks that firms are exposed to;
- over-reliance on others in the transaction chain completing appropriate due diligence checks on customers; and
- limited information sharing between firms.
It is recommended that firms carry out a risk assessment to determine how likely they are to be potential targets for financial crime. Potential ‘risks’ in relation to the nature of the business or the nature of the customer could include:
- the geographical locations of customers (UK, high/low-risk financial crime territories);
- identifying overseas business from high-risk jurisdictions;
- the nature of products sold (size of premiums, propensity to claim);
- large, one-off cash transactions;
- the use of PO Box numbers or a false address;
- the nature of the customer base;
- customer connections with dubious individuals or organisations (e.g., the customer is a known criminal or associate of a known criminal);
- high premium payments compared to income or status;
- lack of a customer’s concern over early cancellation charges;
- undue interest in pay-out options;
- request for change of beneficiary;
- unusual transactions or suspicious behaviour;
- cover for assets inconsistent with customer’s economic profile; or
- early or suspicious claims.
Firms should ask themselves:
- Has the firm identified how different aspects of the business may be affected by money laundering and terrorist financing?
- Has the firm identified how day-to-day operations might be affected by the need to prevent money laundering and terrorist financing?
- Has the firm designed and implemented money laundering controls which are relevant and proportionate?
- Has the firm identified good sources of information, such as the Financial Action Task Force (FATF), the Joint Money Laundering Steering Group, court judgements, etc.?
- Has the firm instigated on-going training for all staff to recognise suspicious activity and to know how to escalate it?
- Has the firm put in place procedures to report suspicious activity to the authorities?
Customer due diligence – know the customer
It is important to be able to identify each individual customer reliably and, where appropriate, to verify their source of funds. Whilst insurance intermediaries are not under the same pressures as banks and investment firms to authenticate ID, some day-to-day customer due diligence measures help to address potential money laundering and terrorist financing issues. There is no ‘one-size-fits-all’ solution, but various checks can be made using, for example:
- electoral registers;
- bank account verification systems;
- commercial databases of known fraudsters;
- credit reference agencies;
- requesting sight of ID such as a driving licence or passport;
- requesting utility or council tax bills; and
- checking the HMT Financial Sanctions list.
With the implementation of the Economic Crime and Corporate Transparency Act 2023, expectations have been raised in relation to the identification of beneficial owners of corporate entities such as Limited Companies, etc. Companies House already has new powers in this regard, and it is likely that by Autumn 2025 the UK Government will be introducing compulsory identity verification (‘ID-V’) for Directors and people with significant control of companies incorporated in any part of the UK. New companies will need ID-V on incorporation, but existing companies will require it over a twelve-month period in line with the confirmation statement cycle.
Firms should, therefore, apply the above ‘know the customer’ checks to shareholders and persons with beneficial interests in corporate customers.
Firms should ask themselves:
- What are the main risk indicators in carrying out checks on customers and prospective customers?
- Are the risks associated with individual customer relationships understood?
- Are procedures in place to monitor how ID-checking procedures are carried out on a day-to-day basis?
- Is relevant information obtained about new and existing retail and commercial customers?
- Does the firm identify any beneficial owners of businesses (individuals or companies not named as policyholders)?
- How do those who approve new or ongoing business relationships satisfy themselves that the firm has obtained adequate information before doing so?
- Are procedures sufficiently flexible to cater for customers unable to provide common forms of ID?
- What is the firm’s policy for dealing with customers who wish to pay in cash?
Remember that the FCA’s requirements in relation to anti-money laundering (out of which customer due diligence arises) are, for general insurance intermediaries, a ‘should do’ rather than a ‘must do’. Also, for smaller firms, proportionality is the key.
Financial sanctions
Sanctions are restrictive measures that can be put in place to fulfil a range of purposes. In the UK, these include complying with UN and other international obligations, supporting foreign policy and national security objectives, as well as maintaining international peace and security, and preventing terrorism.
The UK implements a range of sanctions regimes through regulations made under the Sanctions and Anti-Money Laundering Act 2018 (the Sanctions Act). The Sanctions Act provides the main legal basis for the UK to impose, update and lift sanctions.
UK sanctions regulations made under the Sanctions Act apply in the whole of the UK, including in Northern Ireland. The prohibitions and requirements in these regulations apply to conduct by UK persons. This includes anyone in the UK (including its territorial waters), UK nationals outside of the UK, and bodies incorporated or constituted under the law of any part of the UK.
Some sanctions measures apply through other legislation, such as the Immigration Act 1971 and the Export Control Order 2008.
The law restricts you from:
- receiving payment from or making funds available to persons on the sanctions list;
- dealing with their economic resources; or
- making even legitimate payments to those persons.
In relation to criminal offences, the Terrorist Asset-Freezing etc. Act 2010 created a series of new criminal offences. It prohibits:
- dealing with the funds of designated persons; and
- making funds, financial services or economic resources available, directly or indirectly, for the benefit of designated persons.
Additionally, firms must not knowingly and intentionally participate in activities that would directly or indirectly circumvent these financial restrictions or enable or facilitate the commission of any of the above offences.
Firms can act for someone who is on the sanctions lists but must operate under a licence issued by the Office of Financial Sanctions Implementation (OFSI) in advance of engaging in any dealing with funds or economic resources, including being paid your fees or any funds on account. There are several ‘general’ licences which cover the arranging of, or making payments to insurers for, insurance contracts (see an example here), but this does not remove the responsibility of firms to report suspicious transactions if they identify them. The licence simply allows the transaction to happen without the need for a specific licence to be in place to permit the arranging of insurance.
It is a criminal offence not to comply with a financial sanction unless you have or are covered by an appropriate licence or authorisation from OFSI. The FCA is not responsible for enforcing these asset freezes or sanctions, but it expects your systems and controls for mitigating the risk of financial crime to include those that enable you to meet financial sanctions obligations.
In summary:
- Financial sanctions prevent or restrict business with ‘sanctions targets’.
- Sanctions targets include individuals, organisations and regimes responsible for funding terrorism and the abuses of human rights or being involved in financial crime.
- It is an offence to know or suspect that a client (person or organisation) is a ‘target’ without disclosing this to HM Treasury.
- Sanctions include restricting fund transfers and freezing assets.
- There is no rule or regulation saying that you must check the Sanctions lists, but in simple terms you must not deal with anyone on the list.
- If you don’t check who is ‘on the list’, how will you know whether you are dealing with a Sanctions target or not?
- There is a ‘general licence’ which allows you to conduct checks after you have arranged insurance cover – but for long lead-in times, why not check beforehand?
- The licence does not allow you to return funds to a sanctions target.
- There are penalties for non-compliance: fines and up to seven years imprisonment.
- If you know – or suspect – a breach of financial sanctions, you must report it to OFSI. You must also contact OFSI at the earliest opportunity and notify the FCA if:
  - a person you are dealing with, directly or indirectly, is a designated person;
  - you hold any frozen assets; or
  - you discover – or suspect – any breach while conducting your business.
UKGI can help
UKGI can assist firms in understanding their financial crime responsibilities, and how to document their processes, procedures and checklists in relation to minimising the risks from financial crime.
If you have any questions about, or need any support in relation to, your financial crime compliance, get in touch at info@ukgigroup.com. We will be happy to discuss how we can assist.
Learn more
The Development Zone has a range of e-learning courses to equip brokers in understanding key industry themes and developments, all whilst aiding users in fulfilling annual CPD requirements!
Useful courses include:
- Money Laundering and Proceeds of Crime Act 2002
- Financial Sanctions
- Fraud Pathway (Multi Course Pathway)
If you are new to the Development Zone, get in touch with the team at devzone@ukgigroup.com to discuss how the platform can aid your firm in fulfilling regulatory CPD requirements whilst enhancing the learning and development of your team. Or request a free 14-day trial at https://mydevelopment.zone/free-trial to see for yourself!